alindner
Reputation: 107
Allow CORS header when using tonic-web
I've create a gRPC web server like this:
use tonic_web::GrpcWebLayer;
use tonic::{
transport::Server,
};
let grpc_web_handle = tokio::spawn(
Server::builder()
.accept_http1(true)
.layer(GrpcWebLayer::new())
.add_service(
tonic_web::enable(
AuthServer::new(
AuthImpl::default()
)
)
)
.serve("127.0.0.1:9001".parse()?)
)
//...
However, my firefox complains about CORS:
OPTIONS http://127.0.0.1:9001/auth.Auth/Login:
(Reason: CORS header ‘Access-Control-Allow-Origin’ missing)
Response:
HTTP/1.1 400 Bad Request
content-length: 0
date: Wed, 13 Dec 2023 22:25:53 GMT
I also tried to wrap the AuthServer into cors(AuthServer::new(...))
fn cors<S>(service: S) -> CorsGrpcWeb<S> where
S: Service<http::Request<hyper::Body>, Response=http::Response<BoxBody>>,
S: Clone + Send + 'static,
S::Future: Send + 'static,
S::Error: Into<BoxError> + Send
{
CorsLayer::permissive().layer(tonic_web::enable(service)).into_inner()
}
Still not working.
tonic = {version = "0.10.2", features = []}
tonic-web = {version = "0.10.2",features = []}
tokio = { version = "1.34.0", features = ["full"] }
Upvotes: 3
Views: 569
Answers (1)
ozkanpakdil
Reputation: 4612
To enable CORS you can use below definition
tower-http = { version = "0.3", features = ["cors"] }
As they said in this PR
You can customize the CORS configuration composing the [
GrpcWebLayer] with the cors layer of your choice.
Also found this example in their issues
Server::builder()
.accept_http1(true)
.layer(
CorsLayer::new()
.allow_origin(AllowOrigin::mirror_request())
.allow_credentials(true)
.max_age(DEFAULT_MAX_AGE)
.expose_headers(
DEFAULT_EXPOSED_HEADERS
.iter()
.cloned()
.map(HeaderName::from_static)
.collect::<Vec<HeaderName>>(),
)
.allow_headers(
DEFAULT_ALLOW_HEADERS
.iter()
.cloned()
.map(HeaderName::from_static)
.collect::<Vec<HeaderName>>(),
),
)
.layer(GrpcWebLayer::new())
.add_service(greeter)
.serve(addr)
.await?;
Also check this comment too.
Upvotes: 2
Related Questions
- S3 - Access-Control-Allow-Origin Header
- How does the 'Access-Control-Allow-Origin' header work?
- Why doesn't adding CORS headers to an OPTIONS route allow browsers to access my API?
- Why does my JavaScript code receive a "No 'Access-Control-Allow-Origin' header is present on the requested resource" error, while Postman does not?
- Request header field Access-Control-Allow-Headers is not allowed by itself in preflight response
- No 'Access-Control-Allow-Origin' header is present on the requested resource—when trying to get data from a REST API
- CORS: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true
- Response to preflight request doesn't pass access control check - No 'Access-Control-Allow-Origin' header
- How to get gRPC working between a Unity game client (c#/.NET) and Tonic (rust) based server
- Does CORS allow for the use of the "Prefer" header?